Security bulletin

Potential vulnerabilities in Adobe Audition

Release date: May 12, 2011

Vulnerability identifier: APSB11-10

CVE number: CVE-2011-0614, CVE-2011-0615

Platform: Windows

Summary

Critical vulnerabilities have been identified in Adobe Audition 3.0.1 and earlier versions for
Windows. One of the vulnerabilities could allow an attacker, who successfully exploits the
vulnerability, to run malicious code on the affected system. An attacker would need to convince a
user to open a malicious binary Audition Session (.ses) file to successfully exploit the issue. The
Audition Session (.ses) file format is an older format that is no longer supported with the release
of Adobe Audition CS5.5. Adobe is not aware of any attacks exploiting these vulnerabilities against
Adobe Audition.

Affected software versions

Adobe Audition 3.0.1 and earlier versions for Windows

Solution

Adobe strongly recommends Audition users discontinue use of the Adobe Session (.ses) file
format and switch to use of the XML session format. XML is a human-readable standard for
electronically encoding documents with numerous benefits over binary formats. With the release
of Audition CS5.5, the binary Audition Session (.ses) file format is no longer supported.

Severity rating

Adobe categorizes these as critical issues and recommends
that users switch to use of the XML session format.

Details

Critical vulnerabilities have been identified in Adobe Audition 3.0.1 and earlier versions for Windows. One of the vulnerabilities could allow an attacker, who successfully exploits the
vulnerability, to run malicious code on the affected system. An attacker would need to convince a
user to open a malicious binary Audition Session (.ses) file to successfully exploit the issue. The
Audition Session (.ses) file format is an older format that is no longer supported with the release
of Adobe Audition CS5.5. Adobe is not aware of any attacks exploiting these vulnerabilities against
Adobe Audition.